CCTV Cybersecurity Certification Deadline Not Extended – MSMEs Face Compliance Challenges

The Ministry of Electronics and Information Technology (MeitY) has officially declined requests to extend the April 9, 2025 deadline for STQC (Standardisation Testing and Quality Certification) of CCTV cameras and video surveillance systems. This decision, finalized in a meeting held on April 21, comes as a major blow to MSMEs and CCTV manufacturers relying on Chinese components.

What Is the STQC Certification?

Introduced in March 2024, the STQC certification mandates that all CCTV and video surveillance products must comply with cybersecurity standards and ensure a trusted supply chain. This move is part of India's larger cybersecurity framework aimed at safeguarding critical infrastructure.

Why This Impacts MSMEs

• More than 80% of CCTV systems in India currently rely on Chinese components and cloud infrastructure.

• Many small and medium CCTV manufacturers (MSMEs) lack the infrastructure to meet the stringent STQC criteria

• Non-compliance could lead to business disruption, supply chain breakdowns, and higher operational costs

Without compliance, manufacturers risk:

• Delisting of uncertified products

• Import restrictions on non-compliant components

• Loss of business contracts with government and private sector buyers

• Significant supply chain disruptions, especially for affordable surveillance products

A Push Toward “Make in India”

The government’s firm stance is aligned with its “Make in India” initiative, aimed at:

• Encouraging domestic manufacturing of critical technology

• Reducing reliance on foreign surveillance equipment

• Enhancing national security and data sovereignty

While this presents an opportunity for Indian manufacturers to scale up, the transition period is short, and many MSMEs are struggling to keep up.

What Does STQC Certification Require?

To become STQC-compliant, manufacturers must:

• Undergo cybersecurity testing in STQC-authorized labs

• Avoid reliance on unverified cloud services or unauthorized remote connections.

• Implement secure boot protocols and firmware integrity checks

• Maintain a traceable, trusted component supply chain

• Submit all required documentation, including firmware samples and hardware specifications, for evaluation.

The certification process can take 6–10 weeks, adding urgency to an already tight compliance window.

What MSMEs Can Do Now

To avoid business disruption, MSMEs are advised to:

• Initiate certification immediately through STQC-approved labs

• Source components from vetted Indian or non-restricted foreign suppliers

• Collaborate with local electronics manufacturers to reduce dependency on Chinese imports

• Leverage government incentives or schemes for electronic component manufacturing and cybersecurity compliance (if any become available)

Final Thoughts

The government’s firm deadline is a strong signal that India is serious about digital sovereignty and cybersecurity, especially in surveillance technologies. While it poses short-term compliance challenges, especially for small and medium players, it also opens up long-term opportunities for domestic innovation and growth in secure surveillance hardware.

For more info you can contact us at cs@absoluteveritas.com